Skip to main content
Star us on GitHub Star

Kubernetes Console

Find the Console URL

Use the console by navigating to the controller's address with path /zac/ in a web browser. If you published the controller at ctrl.ziti.example.com:443, then the console URL is https://ctrl.ziti.example.com/zac/.

The correct console URL is displayed after Helm install or upgrade and may be fetched at any time with Helm.

Substitute your Helm release name for 'ziti-controller'
helm get notes "ziti-controller"

Authenticate with a Username and Password

Print the username and password
kubectl get secrets ziti-controller-admin-secret \
--output go-template=\
'{{range $k,$v := .data}}'\
'{{printf "%s: " $k}}{{if not $v}}{{$v}}{{else}}{{$v|base64decode}}{{end}}{{"\n"}}'\
'{{end}}'
Output
admin-password: UJ2Z4xK1OpagXG94GkAXkR0M4MRNvcOh
admin-user: admin

Authenticate with an Admin Client Certificate

  1. Enroll an admin identity. Link to instructions

  2. Unwrap the JSON file to obtain the certificate and private key.

    ziti ops unwrap admin2.json
  3. Compose a keystore from the certificate and private key. The -legacy flag is necessary when importing the keystore into some versions of macOS Keychain Access.

    openssl pkcs12 -export -in admin2.cert -inkey admin2.key -out admin2.p12 -name "admin2" -legacy -password 'pass:mypassword'
  4. Import the keystore:

    • macOS: Import into System Keychain via Keychain Access application for Google Chrome. You can run a terminal command or double-click the keystore file or drag it onto the login keychain to import it.

      security import admin2.p12 -k ~/Library/Keychains/login.keychain -T /Applications/Google\ Chrome.app -P 'mypass'
    • Windows: Import into the Windows Certificate Store (Personal store) via certmgr.msc.

    • Linux: Import into your browser's certificate store or system certificate store (e.g., Chrome Settings > Privacy and Security > Security > Manage certificates).

  5. Visit the console in your web browser. The browser will prompt with a list of imported client certificates. Select the one you imported in the previous step.

  6. Press the "LOGIN" button without entering a password.